Re: Migration <> Key-based Interop (formerly a propos of the weekly issue triage update) from Melvin Carvalho on 2023-07-15 (public-swicg@w3.org from July 2023)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sat, 15 Jul 2023 14:53:50 +0200
To: Bumblefudge von CASA <virtualofficehours@gmail.com>
Cc: Evan Prodromou <evan@prodromou.name>, public-swicg@w3.org
Message-ID: <CAKaEYhKE-J5Y-MsEjawsDSRLRTpSZSkWczenMubyNW06oyd14A@mail.gmail.com>
so 15. 7. 2023 v 13:39 odesílatel Bumblefudge von CASA <
virtualofficehours@gmail.com> napsal:

> I'm sorry, I love you Melvin, and I love Nostr, but "unscrupulous DID
> methods" is scare-mongering and guilt-by-association. DID methods can't
> have scruples, they are URI schemes for future-proofing and locking-open
> PKI publication mechanisms. In the best of cases, they make key material
> for a given account recoverable long after the heat-death of all companies
> and co-ops involved.  Blanket aspersions on anything that touches a
> blockchain or anything that touches a cryptocurrency are unhelpful and
> making them toes the line of W3C's code of conduct, particularly since
> there are people subscribed to this list who have paid their rent with
> cryptocurrencies at some point in their lives and such aspersions
> indirectly insult them and the time they volunteer to this community.
>
> Decorum aside, I have spent the last 5 years wrangling with the
> variously-scrupulous business models around DIDs and VCs, and I find very
> little ground for such suspicion about DIDs. My experience is that most DID
> methods are over-engineered or inflexible not for nefarious
> Venture-Capital/platform-economics reasons, but simply due to the hubris of
> engineers who underestimate the complexity of identity systems that
> represent humans, which, being social systems, are unpredictable and evolve
> rapidly.  DID methods coupled tightly to the identity system of any
> platform involving human actors (be it a cryptocurrency or a closed
> platform or an open platform) rarely go far, because they are meant to be
> artefacts of translation and migration, NOT 1:1 mappings of "accounts" in
> any system that gives humans accounts.  I personally find it unrealistic to
> bolt one uniform DID method or PKI system onto the entirety of today's
> disjointed Fediverse with its very heterogenous account models and flows,
> much less cut and paste Nostr's or Bluesky's or Farcaster's or Matrix's or
> Secure Scuttlebutt's identity system onto that wide diversity of
> implementations and form-factors. The diversity of instance/client models
> is just too high, and the reasons people use those services too
> heterogeneous.
>
> I support FEP-521a + FEP-c390, because together they enable the maximum
> number of key-based translation and migration approaches. FEP-521a allows a
> one-way link *to* multiple keys and keytypes controlled by an AP actor's
> "account" *from* a DPKI system that controls/rotates/publishes keys. It
> defines a minimally opinionated interface that's DID-Doc friendly without
> even requiring full conformance with DIDs in general or any one DID
> method--it's a helpful superset of "DIDLand".  FEP-c390 allows
> bidirectional linkages, such that DID-expressable keys can sign objects in
> the way that any DID can sign any object in the sprawling graphs of
> Linked-Data Land. Crucially, FEP-521a salvages implementations' past work
> on the `publicKey` property and enables interop with the maximum diversity
> of external systems, including ones that require multiple keys or specific
> key types.  (Full disclosure, I'm also a big fan of multikey and am
> trying to get that spec hardened into an IETF spec+IANA registry, which
> should de-risk and future-proof this commitment to multikey a tiny bit).
>
> My main argument for these two very thin-layer FEPs is that they don't try
> to retrofit any one key-based actor model onto the implementations that
> support them or impose much on their own usage of those keys-- they just
> present a minimally-opinionated interop interface.  They make today's Masto
> and Masto-like identity models a "verificationMethod" and show those
> implementations what a LD-style signature looks like that composes well
> with LD-based interop of the AP data model.  They leave the implementations
> free to get fancy or not with authentication, custodial or non-custodial
> keys, multi-device models, delegation, authorization, etc.  It is an
> incremental move towards key-based interop and migrations, and if enough
> major implementations supported some version of FEP-521a and FEP-c390,
> further FEPs could define bridges to Nostr, Bluesky, Farcaster, Matrix
> and/or SSB based on more opinionated profiles of them (i.e., FEP-521a + key
> of type XX + any DID methods with Y1 and Y2 properties = bidirectional
> account bridge to ZZ). At first glance this sounds piecemeal and messy but
> it's also more composable, and in my experience composability is key to
> building bridges.  Even if it leaves the door open to DID methods or social
> networks that some might find distasteful. Decentralization is messy!
>
> I would also add that Bluesky, whatever else you can say about them, have
> been very circumspect about locking their development into one model of
> portability and translation, which is why they are using a DID method
> called "DID placeholder." Some of us from the DID world met with some bsky
> engineers to ask what they were looking for in a DID method, and they
> stumped us-- none of today's DID methods meet all their requirements, which
> is why they are gracefully punting.  This strikes me as a commendably
> incrementalist approach to key-based identity, which keeps open as many
> doors as possible until there are clear reasons to start closing any.
>
> Sorry to rant,
> __bumblefudge
>

In my respectful opinion, I believe it is critical to maintain the
integrity of the fediverse by firmly discouraging those who may be
interested in leveraging this platform for the sale of pre-printed tokens.
There is evidence that such individuals or groups exist within our
community.

On 7/14/2023 6:58 PM, Melvin Carvalho wrote:
>
>
>
> pá 14. 7. 2023 v 18:07 odesílatel Bumblefudge von CASA <
> virtualofficehours@gmail.com> napsal:
>
>> Say what you will about a per-account key system (such as prototyped in
>> FEP-521a), it would certainly enable some elegant solutions to this
>> problem, such as allowing users to export a key or delegate authority to
>> some kind of external authenticator, which could be used in an unknown
>> future to trigger an custodial export when a server spins down and dumps
>> all its data in a massgrave (with fancy authorization for recovery).
>> The simpler you make it for accountholders to prove "rightful" control
>> of a backup, the easier it is for backups to execute migrations on
>> behalf of servers that went down, right?
>>
>> In any case, definitely support documenting mastodon's status quo,
>> because a LOT of financially fragile servers are running it, and their
>> moderation costs and compliance costs might go through the roof in the
>> coming months, so it seems an urgent community service beyond more
>> long-term plans for cool solutions to the underlying problem.
>>
>
> I love the potential of per account keys, although successful
> implementation lies in the specifics.
>
> One concern I have is the potential misuse of this feature, particularly
> in cases where it could inadvertently lead users towards projects engaged
> in public token sales, which could potentially involve legal issues. This
> is something I've observed with web monetization and many DID methods.
>
> Nostr has implemented a per-user key system effectively within a social
> framework. Their model allows for seamless migration with minimal overhead.
> I believe a similar approach could be beneficial if integrated with AP.
> Migration could be significantly facilitated by combining a
> well-documented Mastodon specification with the option to add keys, but it
> comes with huge risks of ushering in unscrupulous DID methods or
> webmonetization, whose aim is to turn the fediverse user base into the
> product.
>
>
>>
>> On 7/13/2023 12:41 AM, Evan Prodromou wrote:
>> > Yes, great idea.
>> >
>> > I think the current plan is to document the behaviour of Mastodon in
>> > this area, as step one, with a Note or FEP.
>> >
>> > We'd probably need to then discuss problems with the Mastodon
>> > technique, namely:
>> >
>> > 1. If the origin server goes offline, there's no way to move the
>> account.
>> > 2. Similarly if the account is defederated.
>> > 3. All activities and content stay at the origin server, which keeps
>> > their URLs active, but doesn't help if the server goes down.
>> >
>> > The topology of the fediverse is such that most users have gratis
>> > accounts on small, unstable, volunteer-run servers,
>> > donation-supported. That has made this migration process very important.
>> >
>> > I'm personally a fan of using a domain as your identity, and moving
>> > from service provider to service provider as needed, transparent to
>> > your social connections. But that's not the fediverse we've got right
>> now.
>>
>>
>> --
> ------------------------------
> @bumblefudge in a few places, including https://chainagnostic.org
>
Received on Saturday, 15 July 2023 12:54:08 UTC